Class: Dependabot::GithubActions::Package::PackageDetailsFetcher

Inherits:
Object
Extended by:
T::Sig
Defined in:
lib/dependabot/github_actions/package/package_details_fetcher.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, security_advisories: []) ⇒ PackageDetailsFetcher

Returns a new instance of PackageDetailsFetcher.



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 35

# Builds a fetcher for a single GitHub Actions dependency.
#
# @param dependency the action being checked (its `version` is read by the
#   lookup methods below)
# @param credentials the credential set handed through to git lookups; it is
#   stored as-is, so take care not to interpolate it into log output
# @param ignored_versions versions the caller does not want to move to
#   (a fresh `[]` per call, Ruby evaluates defaults at call time)
# @param raise_on_ignored [Boolean] whether ignored versions should raise
#   rather than be skipped
# @param security_advisories advisories used when looking for the lowest
#   secure tag
def initialize(
  dependency:,
  credentials:,
  ignored_versions: [],
  raise_on_ignored: false,
  security_advisories: []
)
  @dependency          = dependency
  @credentials         = credentials
  @ignored_versions    = ignored_versions
  @security_advisories = security_advisories
  @raise_on_ignored    = raise_on_ignored

  # #git_helper is defined outside this listing; the helper is resolved eagerly
  # so the Sorbet-typed ivar is populated before any lookup method runs.
  @git_helper = T.let(git_helper, Dependabot::GithubActions::Helpers::Githelper)
end

Instance Attribute Details

#credentials ⇒ Object (readonly)

Returns the value of attribute credentials.



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 55

# @return [Object] the credentials passed to the constructor, unchanged
#   (raw credential objects — keep them out of log messages)
def credentials = @credentials

#dependency ⇒ Object (readonly)

Returns the value of attribute dependency.



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 52

# @return [Object] the dependency passed to the constructor, unchanged
def dependency = @dependency

#ignored_versions ⇒ Object (readonly)

Returns the value of attribute ignored_versions.



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 58

# @return [Object] the ignored-version list passed to the constructor, unchanged
def ignored_versions = @ignored_versions

#raise_on_ignored ⇒ Object (readonly)

Returns the value of attribute raise_on_ignored.



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 61

# @return [Object] the raise_on_ignored flag passed to the constructor, unchanged
def raise_on_ignored = @raise_on_ignored

#security_advisories ⇒ Object (readonly)

Returns the value of attribute security_advisories.



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 64

# @return [Object] the advisory list passed to the constructor, unchanged
def security_advisories = @security_advisories

Instance Method Details

#latest_version_tag ⇒ Object



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 116

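# Returns the tag/ref hash describing the newest version this dependency
# could move to, or nil when the commit checker finds none.
#
# Resolution order:
#   1. no current version known -> the latest tag at all;
#   2. a newer ref at the same version precision as the current tag;
#   3. otherwise the latest ref at lower precision.
#
# All three outcomes are produced as the value of the memoised expression.
# The previous version used `return` from inside `T.let(begin ... end)`,
# which left @latest_version_tag unset on the first two paths and re-ran the
# git lookups on every call. A nil result is still recomputed on the next
# call, as `||=` does not cache nil.
#
# @return [Hash{Symbol => Object}, nil] the chosen ref
def latest_version_tag
  @latest_version_tag ||= T.let(
    begin
      if dependency.version.nil?
        git_commit_checker.local_tag_for_latest_version
      else
        ref = git_commit_checker.local_ref_for_latest_version_matching_existing_precision
        if ref && ref.fetch(:version) > current_version
          ref
        else
          git_commit_checker.local_ref_for_latest_version_lower_precision
        end
      end
    end,
    T.nilable(T::Hash[Symbol, T.untyped])
  )
end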

#lowest_security_fix_version_tag ⇒ Object



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 96

# Finds the lowest allowed tag that is not affected by a known security
# advisory.
#
# Tags at the dependency's existing version precision are searched first;
# only when none of them is secure does the search widen to every allowed
# tag. The result is memoised in @lowest_security_fix_version_tag (a nil
# result is recomputed on the next call, as `||=` does not cache nil).
#
# @return [Hash{Symbol => String}, nil] the chosen tag; nil for non-git
#   dependencies or when no secure tag exists
def lowest_security_fix_version_tag
  # TODO: Support Docker sources
  return unless git_dependency?

  @lowest_security_fix_version_tag ||= T.let(
    find_lowest_secure_version(
      git_commit_checker.local_tags_for_allowed_versions_matching_existing_precision
    ) || find_lowest_secure_version(git_commit_checker.local_tags_for_allowed_versions),
    T.nilable(T::Hash[Symbol, String])
  )
end

#release_list_for_git_dependency ⇒ Object



# File 'lib/dependabot/github_actions/package/package_details_fetcher.rb', line 68

# Works out what a git-sourced action should be updated to.
#
# Despite the name this yields a single value, not a list:
#   * nil when the dependency is not git-sourced, or is pinned to something
#     that looks like neither a version tag nor a commit SHA;
#   * the current commit when the ref is not pinned at all;
#   * for a version-like pin, the latest tag's version (or the current
#     version when the two only differ in precision);
#   * for a SHA pin, the latest tag's version when the SHA has a tag,
#     otherwise the latest commit for the pinned ref.
#
# @return [Object, nil] see above; the exact types come from the helpers
#   defined outside this listing
def release_list_for_git_dependency
  # TODO: Support Docker sources
  return unless git_dependency?
  return current_commit unless git_commit_checker.pinned?

  # A pin that reads like a version is moved to the newest version tag.
  pinned_to_version = git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
  if pinned_to_version
    candidate = latest_version_tag&.fetch(:version)
    return shortened_semver_eq?(dependency.version, candidate.to_s) ? current_version : candidate
  end

  # A pin that reads like a commit SHA is only moved to a version when the
  # SHA itself corresponds to a tag; otherwise stay on the commit stream.
  pinned_to_sha = git_commit_checker.pinned_ref_looks_like_commit_sha? && latest_version_tag
  if pinned_to_sha
    candidate = latest_version_tag&.fetch(:version)
    return git_commit_checker.local_tag_for_pinned_sha ? candidate : latest_commit_for_pinned_ref
  end

  # Anything else (a branch name, an arbitrary tag) cannot be updated here.
  nil
end